Re: [cors] Review

On Wed, 17 Jun 2009 19:45:54 +0200, Tyler Close <tyler.close@gmail.com>  
wrote:
> I believe the described heuristics provide complete coverage for
> resources behind my company's firewall. Is there a common firewall
> configuration you are concerned about?

I do not know enough about firewall setups to make an informed comment on  
that, but I do not think it is my responsibility to show that your  
proposal does not have / has flaws. If you make your proposal a bit more  
concrete and manage to convince one or more vendors to support it we should  
definitely consider it, but until that time this is not much to go by, in  
my opinion.


> The proposed solution uses both heuristics and configuration, not
> relying solely on either for protection.
>
> If this technique can in practice provide adequate protection, it is a
> much better solution than CORS, which undermines HTTP and webarch in a
> number of ways (all discussed previously and again raised by mnot).

I do not think CORS undermines HTTP or webarch.

I do think that if your proposal would actually work that'd be pretty neat.


-- 
Anne van Kesteren
http://annevankesteren.nl/

Received on Wednesday, 17 June 2009 20:02:16 UTC